Security Pillar

The Security pillar of the Azure Well-Architected Framework focuses on protecting your workload against threats and vulnerabilities. Security must be considered at every layer of your architecture — from identity and access management to network security, data protection, and application security.

---

Design Principles

Zero Trust

The Zero Trust model assumes that no user, device, or network is inherently trustworthy. Every request must be verified explicitly, regardless of where it originates. The three principles of Zero Trust are:

1. Verify explicitly — Always authenticate and authorise based on all available data points (identity, location, device, service, data classification, anomalies)
2. Use least privilege access — Limit user and service access to only what is needed, for only as long as it is needed
3. Assume breach — Minimise the blast radius and segment access. Verify end-to-end encryption. Use analytics to detect threats and improve defences

Defence in Depth

Security should be implemented in multiple layers so that if one layer fails, the next layer provides protection: